A memory corruption vulnerability has been disclosed in the Microsoft Internet explorer. Upon successful exploitation an attacker can achieve remote arbitrary code execution within the context of the current user. CVE-2018-8653 has been assigned to track this vulnerability. Microsoft has addressed this issue via an out of band advisory release . The issue affects IE 9,10,11 on their respective supported Windows OS. Currently this vulnerability is being exploited in the wild.
Please apply the latest patches provided Microsoft to address CVE-2018-8653. If immediate patching is not possible, please consider restricting access to JScript.dll by following the workarounds provided in the MS advisory.
Qualys will release QID: 100350 as soon as possible to detect CVE-2018-8653 vulnerable machines.
Please continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.
CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability